Encryption powers need much scrutiny

6 December 2018 — 9:29pm

For reasons more to do with politics than policy, the government and Labor battled it out yesterday over the Coalition's effort to push through its encryption legislation.

Labor eventually agreed to the laws, yet a further stand-off might have been the best immediate outcome for the progress of the debate around cyber security and the implications for personal privacy that flow from the legislation.

The Telecommunications (Access and Assistance) Bill passed in Federal Parliament is designed to give security agencies and police access to messaging services such as Telegram, Signal or WhatsApp, which are currently encrypted.

The encryption debate is more complicated in some respects than the debate on metadata.

Australia’s spy agencies say the law change will help them track down potential terrorists and other bad guys. But the tech community has warned that giving spooks access to messaging apps is a step on the road to a Big Brother police state. They point out that authoritarian states, such as Russia and China, have taken the lead in demanding access to encrypted networks.

Advertisement

Privacy concerns should be taken seriously. But, and this a big but, there need to be appropriate safeguards and democratic supervision. This is not that different to the longstanding laws that allow police and spies to bug your telephone, providing they obtain a warrant from a judge.

The debate, to some extent, repeats the controversy of four years ago over a law giving security agencies the power to obtain a warrant to make internet service providers hand over metadata, the digital links involved in communications, the location and time of calls and the length of the conversation.

Loading

That law was greeted with horror by the tech world, but the Commonwealth Ombudsman has raised few problems apart from a case last year in which the Australian Federal Police voluntarily admitted they accidentally accessed a journalist’s metadata without a warrant.

In some respects the data encryption debate is more complicated than that on metadata. When a phone is tapped or metadata accessed, only the targets and their callers are recorded. Metadata is more directly linked to a particular device or internet address.

Yet the latest law will require messaging companies to effectively open up portals into their encrypted networks. The tech companies argue this would create systemic weaknesses that could allow anyone to enter through the same hole. The area is highly technical and it remains to be seen whether it is practically possible for direct messaging firms to open up their encryption services without compromising them completely. It may be illegal for them to co-operate under home country legislation.

Because of that, the Coalition’s demand to pass this bill before Christmas risked looking like a political stunt. Australia’s law is unique in the democratic world and will be watched closely. It should be subject to careful scrutiny.

Moreover, in the tech world there are always loopholes. In countries such as China and Russia, virtual private networks are often used to avoid internet scrutiny. Hard-core criminals may do the same here, leaving them still more protected than the rest of us.

A note from the editor – Subscribers can get Age editor Alex Lavelle's exclusive weekly newsletter delivered to their inbox by signing up here: www.theage.com.au/editornote